Authentication

How Creators Sign In

The Affiliate Platform uses magic links — there are no passwords.

The sign-in flow:

  1. Creator visits the sign-in page (ca-auth portal)
  2. Enters their email address
  3. Receives an email with a "Sign In" button
  4. Clicks the button — they're automatically signed in and redirected to their dashboard
  5. The magic link expires shortly after use (and after a time limit) for security → DB: The token is stored in Verification (identifier = email address, value = one-time token, expiresAt = short expiry window). Consumed on first use.

If a magic link has expired, the creator just goes back to the sign-in page and requests a new one. The whole process takes under a minute.
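The token lifecycle above (issue, expire, consume on first use) as an added example; this is not the platform's own code. The in-memory Map standing in for the Verification table, the 10-minute window, the function names, and storing a SHA-256 hash instead of the raw token are all assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the Verification table:
// identifier = email address, value = one-time token, expiresAt = short expiry window.
const verification = new Map();
const TTL_MS = 10 * 60 * 1000; // assumed; the page only says "short expiry window"

// Assumption: the row keeps a hash of the token, so a leaked table row
// cannot be replayed as a working sign-in link.
const sha256 = (s) => crypto.createHash('sha256').update(String(s)).digest();

function issueMagicLink(email, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('base64url'); // 256 bits, URL-safe
  // Assumption: one live row per identifier, so a new request replaces the old link.
  verification.set(email, { value: sha256(token), expiresAt: now + TTL_MS });
  return token; // embedded in the "Sign In" button URL in the email
}

function consumeMagicLink(email, token, now = Date.now()) {
  const row = verification.get(email);
  if (!row) return { ok: false, reason: 'unknown_or_used' };
  if (now >= row.expiresAt) {
    verification.delete(email); // expired rows are cleaned up, never honoured
    return { ok: false, reason: 'expired' };
  }
  // Constant-time comparison of two equal-length digests.
  if (!crypto.timingSafeEqual(sha256(token), row.value)) {
    return { ok: false, reason: 'mismatch' };
  }
  // Consumed on first use. Against a real database the lookup and delete
  // must be one atomic statement so two concurrent clicks cannot both succeed.
  verification.delete(email);
  return { ok: true, email }; // caller would now create the Session row
}
```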

Sign-In Portal (ca-auth)

There is a separate sign-in entry point — a small web app called ca-auth — that handles the email input and magic link flow. After successful authentication, it redirects the creator to the main Affiliate Platform. This separation keeps the sign-in experience clean and allows it to be used across multiple internal tools.

Sessions

Once signed in, a creator's session is maintained securely by the platform. They stay signed in across page navigations and browser refreshes. Sessions do eventually expire for security — if a creator finds themselves signed out, they simply go through the magic link flow again. → DB: Creates a row in Session (userId, token, expiresAt) on every successful sign-in.

Admin Accounts

Admin accounts work the same way (magic link sign-in) but have a different role that grants access to the full admin panel. Admin accounts are created by the technical team — there's no self-service signup for admin access. → DB: Access is controlled by User.role — value is "admin" for admin accounts.

Impersonation (Admins Only)

Admins can temporarily view the platform as any creator. This is useful for:

  • Troubleshooting issues a creator is experiencing
  • Verifying that a creator's links and earnings look correct
  • QA testing after changes

How to use it:

  1. Go to Admin → Users
  2. Find the creator
  3. Click "Open as" next to their name
  4. The creator's dashboard opens in your browser with a purple banner at the top
  5. Click "← Return to my account" in the banner to go back to your admin session

Your admin session is preserved throughout — you're not actually signed out of your account. → DB: Impersonation creates a real row in Session for the target creator. The admin's original session is stashed separately as an impersonation-return cookie and restored on exit.

Creator Tiers

Each creator account is assigned a tier (1, 2, or 3) by admins. The tier affects what the creator can do within the platform — for example, how much control they have over customizing their link slugs. Tier is set in the Admin Users panel and is not shown to creators directly. → DB: User.tier — integer value 1, 2, or 3.